We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
IMPORTANT! Have you received an email to your forum username?
Options
Comments
-
I also received one of these emails this morning to the email address I use for MSE and it was also addressed to my user name on here!:(
Thats me off to remove my personal email from my profile on MSE :-) I'd delete the account but there is no such option, clearly Martin wants to keep as many as possible so that he can state he has 30 million subscribers when he flogs the site off. (as opposed to the 250 who regularly use it:D)0 -
sorry if this seems so wrong but these threads keep me mighty amused :rotfl:Phishing?
I expect this database is being sold to every petty computer criminal in the world.
They'll each do something with it.
Looking at the forum there is:
all or fewer of:
Date of birth
Home page
ICQ
AIM
MSN
Yahoo Messenger
Skype
And always:
Email
Password
This site has 772,000 members, so the stolen database is worth millions to criminals.
What I would expect:
dictionary attacks on the passwords - should give a couple of hundred thousand sets of the following:
* email
* password
* username
with minimal effort - the stolen database is not protected, there is no throttling, logging, nothing, you could bring the full force of say a network of hundreds of compromised PCs, or simply a multi-core server, and easily crack vast numbers of passwords
Then I'd expect them to use a botnet to login automatically to paypal (very vulnerable, low-security, high-value system) using the emails and cracked passwords. The users that have used the same accounts will then obviously have their funds stolen.
Other sites likely to be attacked would be places like Amazon (again, not well secured).
The database is a goldmine and contains far more users than one person can deal with, so what I'd then expect is for the cracked users to be sold in tranches to other crooks.
Crooks dealing with smalller subsections of the list have the time to go a bit deeper.
Example - login to your email account, look for online banking details, credit card numbers, etc.
Obviously if your password on here was, at the time of theft (which MSE seems to know about, but failed to disclose), used on no other sites, you don't have anything to worry about, but if you did, then best get changing all your passwords....
it's high time that we needed a conspiracy theory
board 0 -
I too received this today and didn't clickthe link.have been a member for years and changed e-mail address last year..can't remember exact date last year but it was the new email address they used.
Another strange thing but maybe just coincidence...I received a pm from someone a few days ago from a new user with no posts....something with a lint to some stockmarket newsletter...I reported this as spam but haven't heard anymore since.
Did anyone else receive that pm.0 -
I got it too but realised it wasn't from MSE so deleted it as spamI didn't say it was your fault, I said I was going to blame you
I am one of the English sexy Shelias
I'm also a hussy0 -
-I, too, received this email today, but it was addressed to a very old username on this site (last used circa 2005). Wirenth did not receive the spam. Very weird.
I have recently re-registered under a new user name and email address, after a gap of several years without posting. The spam email came to my old user name/address but not the new one.0 -
Well no, they've sent out several hundred thousand spams, you've got no clue whether or not any of them have paid off.
Chances are they have, the guys that have done this are not stupid (or if they are, they are unlikely to be the original source of the compromised data, in which case other crooks have also got the info).
And yes, it has been pointed out that MSE doesn't seem to be on top of the technical side of things before, that's quite right, see for instance https://forums.moneysavingexpert.com/discussion/1624247
Now here we have (more) proof of that in that the database has been massively compromised.
No, it's far worse than that. If the site's DOSed, I probably don't even notice, unless I'm on it, but if they get my details, then that's a bigger concern.
The first evidence appeared a few hours ago and now you're demanding proof of personal data being compromised too?
Plenty of MSE users WILL have been victims of id theft, fraud, etc., whether or not as a result of this site being compromised or something completely different is very hard to say, the crooks just want to hack their paypal (or whatever), they are not going to leave a 'PWNED through MSE' calling card.
Well yes, you're right, but that's a little rude, most people don't realise that if they make their password for their email 'ilikepeas' and then use the same password on a site like this, that that's a big risk.
Most webmasters don't pay any regard to data protection at all.
Again, this subject has been raised before too:
https://forums.moneysavingexpert.com/discussion/comment/30221539#Comment_30221539
Well you've certainly passed judgement....
Sigh. . . From your comment:
1) Chances are . . .
the guys who have prepared the emails are so stupid they've muddled up moneysavingexpert with moneyexpert. So a phishing expedition against some members of this website has come in the guise of material from t'other website -- as a result of which, many recipients were instantly alerted. If that's not a textbook illustration of how thick scammers are, I don't know what is.
2) . . they are unlikely to be the original source of the compromised data:
Which should indicate to you what the value of that compromised data actually is. Or have you not asked yourself, how come those who originally got ahold of these MSE IDs and email addies flogged 'em to a bunch of nutters incapable of telling the difference between moneysavingexpert and moneyexpert?
3) If the site's DOSed. . . it wasn't. I said it wasn't. My comment was referring to several posts on this thread which confused Denial of Service attack in the past with what's happened now.
4) Plenty of MSE users WILL have. . . contracted a cold yesterday and this will become apparent soon. You may feel each and every infection will inevitably result in their sad demise and that now is the time for funereal wailing. I don't.
5) If you can find a word in my post demanding proof of anything, then you're reading a spoof website to which you've been led by an email link no sensible soul should ever have touched. Sorry, but; you're doomed.
6) If it's a little rude to b0ll0ck people who fail to take the simplest step in online self-protection, so what? Scammers have no sympathy for their victims, but victims there continue to be -- people trapped by scammers often because they were treated too sympathetically for their own good by well-meaning friends.
Your end comment, obviously, merits no response.
0 -
My spam filter was pleased not to receive this message of hope0
-
Yup I have had this piece of Carp. Luckily I didn't click on anything...:(
Theses spammers are sooooo sad, they really should get a life...0 -
Thought I'd been left out again - but I've just found it it my junk mail folder.0
-
I got one to0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.2K Banking & Borrowing
- 253.2K Reduce Debt & Boost Income
- 453.7K Spending & Discounts
- 244.2K Work, Benefits & Business
- 599.3K Mortgages, Homes & Bills
- 177.1K Life & Family
- 257.7K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards